Kyle Hamilton wrote:

> Dave S, I wish that you would read the entire message and maybe clear
> your system of a bit of the current X.509 FUD kool-aid.  This is
> "person to his own server at home".  This does not require any kind of
> third-party reference (asking someone else to introduce your computer
> to you?  That's a waste...), and thus does not need a certificate from
> a CA from the list included in the iPhone's Keychain.

What do you suggest then? Memorize the public key? Always, and only, access 
your computer from the same single device?
 
> This is an SSH-like scenario (meaning, the subject is already known to
> the principal, who has made a choice to use the services provided by
> that subject).  Instead of trying to display the contents of a
> self-signed webserver certificate, the only thing that you can really
> truly verify is the public key contained in the certificate.  The
> piece you're looking for to display is the subjectKeyIdentifier, which
> "should be the hash of the public key".  This is basically what SSH
> displays to its users.

No, it's not. SSH always displays the hash of the public key. You are 
suggesting displaying arbitrary data provided by the attacker that may or may 
not be the hash of the public key.
 
> You can cache the sKI the same way SSH does with its known_hosts file:
> hostname, publickeytype, publickey.  If the key hasn't changed, no
> need to bug the user; if the key HAS changed, then you need to alert
> the user and ask for an override -- perhaps a multitouch gesture to
> signal that the user knows that the key's changed, and if the user
> didn't change the key himself and hasn't been told by the homebox
> admin (which is not necessarily the user, it might be the user's
> husband or child or wife or -- if the adage is correct -- maybe even
> the family dog) that the key's changed that he shouldn't connect.

This makes no sense. An attacker can simply create their own certificate with 
the same SKID (but a different public key). To do what SSH does, you must track 
the hash of the public key. The certificate SKID will not do.

In any event, this is precisely what I suggested in my response. And I believe 
I accurately pointed out its strengths and weaknesses.

DS
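The distinction David draws above, as an added example that is not part of this thread or of OpenSSL's own code: a Go program (assumed names spkiPin, skidPin, selfSigned and Demo; all certificates are constructed test data) that records both a known_hosts-style SKID pin and an SSH-style hash-of-public-key pin for a home box on first contact, then checks a second self-signed certificate that carries the same SKID over a different key. The SKID record still matches; the public-key hash does not.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"math/big"
	"time"
)

// spkiPin is the SSH-style fingerprint: SHA-256 over the DER SubjectPublicKeyInfo (the key itself).
func spkiPin(c *x509.Certificate) string {
	sum := sha256.Sum256(c.RawSubjectPublicKeyInfo)
	return hex.EncodeToString(sum[:])
}

// skidPin is the flawed alternative: whatever SubjectKeyIdentifier the cert happens to carry.
func skidPin(c *x509.Certificate) string { return hex.EncodeToString(c.SubjectKeyId) }

// selfSigned builds a self-signed cert for host with a caller-chosen SKID (constructed test data).
func selfSigned(host string, skid []byte) *x509.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // fresh key on every call
	if err != nil { panic(err) }
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: host},
		NotBefore:    time.Now(),
		NotAfter:     time.Now().Add(24 * time.Hour),
		SubjectKeyId: skid, // issuer-chosen bytes; nothing binds them to the key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil { panic(err) }
	c, err := x509.ParseCertificate(der)
	if err != nil { panic(err) }
	return c
}

// Demo records the home box's SKID and SPKI hash on first contact (the known_hosts entry),
// then checks a second cert carrying the same SKID but a different key against each record.
func Demo() (skidMatches, spkiMatches bool) {
	home := selfSigned("homebox", []byte{1, 2, 3, 4})
	knownSKID, knownSPKI := skidPin(home), spkiPin(home)
	other := selfSigned("homebox", home.SubjectKeyId)
	return skidPin(other) == knownSKID, spkiPin(other) == knownSPKI
}
```

Only the SPKI-hash comparison gives the "key HAS changed" signal the known_hosts approach depends on; a client that compares SKIDs would stay silent.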


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org